When CA Identity Manager integrates with CA Identity Governance, CA Identity Manager administrators can validate proposed changes against business policy rules in CA Identity Governance before committing changes. Validating changes before they are committed helps companies maintain the role model that they have defined for their operations.
Users can validate proposed changes involving users, roles, and accounts.
When Smart Provisioning is enabled for an environment, CA Identity Manager validates proposed changes to users, roles, and accounts before an administrator submits a task or approves a work item. The proposed changes are validated against Business Policy Rules (BPRs), which are defined in CA Identity Governance and represent various constraints on privileges. For example, a BPR may prevent users who have a purchasing department role, which allows members to order stock from subcontractors, from also having the subcontractor payment role. BPRs are created by a system administrator, business manager, auditor, or role engineer in CA Identity Governance.
Note: For more information about BPRs, see the Client Tools Guide.
You can configure CA Identity Manager to perform these validations automatically when users perform certain tasks, or allow users to initiate the validation manually.
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|